Commit 9cfc8a9d authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Update smime utility to support streaming for -encrypt and -sign -nodetach

options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.

These all process content on the fly without storing it all in memory.
parent 18327cd0
+5 −0
@@ -4,6 +4,11 @@

 Changes between 0.9.8f and 0.9.9  [xx XXX xxxx]

  *) Add option -stream to use PKCS#7 streaming in smime utility. New
     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
     to output in BER and PEM format.
     [Steve Henson]

  *) Experimental support for use of HMAC via EVP_PKEY interface. This
     allows HMAC to be handled via the EVP_DigestSign*() interface. The
     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
+14 −4
@@ -109,6 +109,7 @@ int MAIN(int argc, char **argv)
	char *passargin = NULL, *passin = NULL;
	char *inrand = NULL;
	int need_rand = 0;
	int indef = 0;
	const EVP_MD *sign_md = NULL;
	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
        int keyform = FORMAT_PEM;
@@ -196,6 +197,12 @@ int MAIN(int argc, char **argv)
				flags |= PKCS7_BINARY;
		else if (!strcmp (*args, "-nosigs"))
				flags |= PKCS7_NOSIGS;
		else if (!strcmp (*args, "-stream"))
				indef = 1;
		else if (!strcmp (*args, "-indef"))
				indef = 1;
		else if (!strcmp (*args, "-noindef"))
				indef = 0;
		else if (!strcmp (*args, "-nooldmime"))
				flags |= PKCS7_NOOLDMIMETYPE;
		else if (!strcmp (*args, "-crlfeol"))
@@ -666,7 +673,11 @@ int MAIN(int argc, char **argv)
	ret = 3;

	if (operation == SMIME_ENCRYPT)
		{
		if (indef)
			flags |= PKCS7_STREAM;
		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
		}
	else if (operation & SMIME_SIGNERS)
		{
		int i;
@@ -675,8 +686,7 @@ int MAIN(int argc, char **argv)
		 */
		if (operation == SMIME_SIGN)
			{
			if ((flags & PKCS7_DETACHED)
				&& (outformat == FORMAT_SMIME))
			if (indef || (flags & PKCS7_DETACHED))
				flags |= PKCS7_STREAM;
			flags |= PKCS7_PARTIAL;
			p7 = PKCS7_sign(NULL, NULL, other, in, flags);
@@ -764,9 +774,9 @@ int MAIN(int argc, char **argv)
				SMIME_write_PKCS7(out, p7, in, flags);
			}
		else if (outformat == FORMAT_PEM) 
			PEM_write_bio_PKCS7(out,p7);
			PEM_write_bio_PKCS7_stream(out, p7, in, flags);
		else if (outformat == FORMAT_ASN1) 
			i2d_PKCS7_bio(out,p7);
			i2d_PKCS7_bio_stream(out,p7, in, flags);
		else
			{
			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
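Review bot: The return values of `PEM_write_bio_PKCS7_stream(out, p7, in, flags)` and `i2d_PKCS7_bio_stream(out,p7, in, flags)` in the output branch are discarded, as is that of `SMIME_write_PKCS7` just above them. The commit message says these functions process content on the fly, so a read, digest or cipher failure would surface only in those return values; ignoring them can leave a truncated or incomplete signed or encrypted file while the tool may still exit as if it had succeeded (the exit path is outside this hunk). Each call should be tested, e.g. `if (!i2d_PKCS7_bio_stream(out, p7, in, flags))` followed by MAIN's existing error exit. Separately, the CHANGES entry names `PEM_write_PKCS7_bio_stream()` while the call here is `PEM_write_bio_PKCS7_stream`; one of the two spellings is presumably a typo.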
+2 −1
@@ -427,7 +427,8 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
void ASN1_STRING_free(ASN1_STRING *a)
	{
	if (a == NULL) return;
	if (a->data != NULL) OPENSSL_free(a->data);
	if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
		OPENSSL_free(a->data);
	OPENSSL_free(a);
	}
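Review bot: The new condition in ASN1_STRING_free skips `OPENSSL_free(a->data)` when `ASN1_STRING_FLAG_NDEF` is set, but nothing at this site says who owns `a->data` in that case. A short comment would make the contract explicit, e.g. `/* NDEF strings do not own a->data: the pointer is borrowed, so it is not freed here */`, assuming that is the intent, which the hunk itself does not show. It is also worth confirming that the other paths which free or reallocate `a->data` (outside this hunk) apply the same test. Otherwise a heap buffer attached to a flagged string now leaks, and a borrowed pointer released elsewhere would be an invalid free.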

+20 −5
@@ -97,8 +97,9 @@ typedef struct pkcs7_aux_st
	} PKCS7_SUPPORT;

static int pkcs7_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int pkcs7_psfix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int pkcs7_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int pkcs7_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int pkcs7_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);

BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) 
	{
@@ -113,8 +114,8 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7)

	out = BIO_push(asn_bio, out);

	BIO_asn1_set_prefix(asn_bio, pkcs7_prefix, pkcs7_psfix_free);
	BIO_asn1_set_suffix(asn_bio, pkcs7_suffix, pkcs7_psfix_free);
	BIO_asn1_set_prefix(asn_bio, pkcs7_prefix, pkcs7_prefix_free);
	BIO_asn1_set_suffix(asn_bio, pkcs7_suffix, pkcs7_suffix_free);

	/* Now initialize BIO for PKCS#7 output */

@@ -132,7 +133,6 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7)

	}


static int pkcs7_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
	{
	PKCS7_SUPPORT *p7aux;
@@ -150,12 +150,15 @@ static int pkcs7_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
	*pbuf = p;
	i2d_PKCS7_NDEF(p7aux->p7, &p);

	if (!*p7aux->boundary)
		return 0;

	*plen = *p7aux->boundary - *pbuf;

	return 1;
	}

static int pkcs7_psfix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
static int pkcs7_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
	{
	PKCS7_SUPPORT *p7aux;

@@ -173,6 +176,16 @@ static int pkcs7_psfix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
	return 1;
	}

static int pkcs7_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
	{
	PKCS7_SUPPORT **pp7aux = (PKCS7_SUPPORT **)parg;
	if (!pkcs7_prefix_free(b, pbuf, plen, parg))
		return 0;
	OPENSSL_free(*pp7aux);
	*pp7aux = NULL;
	return 1;
	}

static int pkcs7_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
	{
	PKCS7_SUPPORT *p7aux;
@@ -191,6 +204,8 @@ static int pkcs7_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
	p = OPENSSL_malloc(derlen);
	p7aux->derbuf = p;
	i2d_PKCS7_NDEF(p7aux->p7, &p);
	if (!*p7aux->boundary)
		return 0;
	*pbuf = *p7aux->boundary;
	*plen = derlen - (*p7aux->boundary - p7aux->derbuf);
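Review bot: In pkcs7_suffix the added `if (!*p7aux->boundary) return 0;` gives the callback a failure path, but the `OPENSSL_malloc(derlen)` result two lines above it is still stored in `p7aux->derbuf` and handed to `i2d_PKCS7_NDEF` without a NULL test. On allocation failure the length computed below from `*p7aux->boundary - p7aux->derbuf` would use a NULL base pointer; `if (!p) return 0;` directly after the malloc closes that gap. The new early return also leaves `p7aux->derbuf` allocated. Whether the free callback still runs after a callback returns 0 is not visible here, and neither is whether pkcs7_suffix_free, which now releases the PKCS7_SUPPORT itself, runs if the BIO is torn down before the suffix is written; both are worth confirming so neither the buffer nor the struct leaks. The function bodies start outside these hunks.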

+1 −1
@@ -163,7 +163,7 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
	ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
	ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
	ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
	ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0)
} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)

IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)